node-red-contrib-knx-ultimate 4.0.3 → 4.0.5

package/CHANGELOG.md

@@ -6,6 +6,12 @@
 
 # CHANGELOG
 
+**Version 4.0.4** - September 2025<br/>
+- NEW: You have now the choide to select multiple modes to authenticate to a KNX Gateway.<br/>
+
+**Version 4.0.4** - September 2025<br/>
+- NEW: you can now login to your secure gateway using only tunnel and password, without the keyring file.<br/>
+
 **Version 4.0.3** - September 2025<br/>
 - GlobalContextNode: Added "lastupdate" property.<br/>
 - Device Node. Refractor snippet list and UI.<br/>

package/README.md

@@ -86,10 +86,8 @@ Please subscribe to the [Youtube channel](https://www.youtube.com/playlist?list=
 |--|--|
 | KNX Tunnelling | ![](https://placehold.co/200x20/green/white?text=YES) |
 | KNX Routing | ![](https://placehold.co/200x20/green/white?text=YES) |
+| KNX IP Secure/Data secure | ![](https://placehold.co/200x20/green/white?text=YES) |
 | Philips Hue v2 | ![](https://placehold.co/200x20/green/white?text=YES) |
-| KNX Secure Tunnelling | ![](https://placehold.co/200x20/green/white?text=YES) |
-| KNX Secure Routing | ![](https://placehold.co/200x20/green/white?text=YES) |
-
 
 <br/>
 
@@ -97,7 +95,7 @@ Please subscribe to the [Youtube channel](https://www.youtube.com/playlist?list=
 ## DOCUMENTATION
 
 * [Wiki and Help](https://github.com/Supergiovane/node-red-contrib-knx-ultimate/wiki)
-* [FAQ + Troubleshoot](https://github.com/Supergiovane/node-red-contrib-knx-ultimate/wiki/5.-FAQ-Troubleshoot)
+* [FAQ + Troubleshoot](https://github.com/Supergiovane/node-red-contrib-knx-ultimate/wiki/FAQ-Troubleshoot)
 * [Security best practices](https://github.com/Supergiovane/node-red-contrib-knx-ultimate/wiki/SECURITY)
 
 

package/nodes/knxUltimate-config.html

@@ -21,8 +21,12 @@
             ignoreTelegramsWithRepeatedFlag: { value: false, required: false },
             keyringFileXML: { value: "" },
             knxSecureSelected: { value: false },
+            secureCredentialsMode: { value: "keyring" },
             tunnelIASelection: { value: "Auto" },
             tunnelIA: { value: "" },
+            tunnelInterfaceIndividualAddress: { value: "" },
+            tunnelUserPassword: { value: "" },
+            tunnelUserId: { value: "" },
             autoReconnect: { value: "yes" }
         },
         credentials: {
@@ -68,13 +72,13 @@
                 active: (node.knxSecureSelected === true || node.knxSecureSelected === 'true') ? 1 : 0,
                 activate: function (event, ui) {
                     node.knxSecureSelected = $(ui.newTab).index() === 1;
-                    try { updateTunnelIAVisibility(); updatePhysAddrVisibility(); updateSecureMulticastHint(); } catch (e) { }
+                    try { updateTunnelIAVisibility(); updatePhysAddrVisibility(); updateSecureMulticastHint(); enforceProtocolFromIP(); } catch (e) { }
                 }
             });
             // Ensure the correct tab is enforced after all UI init
             try {
                 const initialActive = (node.knxSecureSelected === true || node.knxSecureSelected === 'true') ? 1 : 0;
-                setTimeout(() => { $("#tabsMain").tabs("option", "active", initialActive); updateTunnelIAVisibility(); updatePhysAddrVisibility(); updateSecureMulticastHint(); }, 0);
+                setTimeout(() => { $("#tabsMain").tabs("option", "active", initialActive); updateTunnelIAVisibility(); updatePhysAddrVisibility(); updateSecureMulticastHint(); enforceProtocolFromIP(); }, 0);
             } catch (e) { }
 
             // Keyring ACE editor setup
@@ -98,6 +102,96 @@
                 try { node._csvEditor.getSession().setUseWrapMode(true); } catch (e) { }
             } catch (e) { }
 
+            function getSecureCredentialsMode() {
+                try {
+                    const sel = $("#node-config-input-secureCredentialsMode").val();
+                    return (typeof sel === 'string' && sel.length > 0) ? sel : 'keyring';
+                } catch (e) {
+                    return 'keyring';
+                }
+            }
+
+            function isSecureTabActive() {
+                try {
+                    return $("#tabsMain").tabs("option", "active") === 1;
+                } catch (e) {
+                    return !!(typeof node.knxSecureSelected !== 'undefined' ? node.knxSecureSelected : false);
+                }
+            }
+
+            function parseIPv4Address(str) {
+                if (typeof str !== 'string') return null;
+                const parts = str.trim().split('.');
+                if (parts.length !== 4) return null;
+                const octets = [];
+                for (let i = 0; i < parts.length; i++) {
+                    const part = parts[i];
+                    if (!/^\d+$/.test(part)) return null;
+                    const value = Number(part);
+                    if (value < 0 || value > 255) return null;
+                    octets.push(value);
+                }
+                return octets;
+            }
+
+            function isMulticastIPv4(octets) {
+                if (!Array.isArray(octets) || octets.length !== 4) return false;
+                const first = octets[0];
+                return first >= 224 && first <= 239;
+            }
+
+            function normalizeTunnelIAValue(value) {
+                if (typeof value !== 'string') return '';
+                const trimmed = value.trim();
+                return (trimmed && trimmed !== 'undefined') ? trimmed : '';
+            }
+
+            function setTunnelIAValue(value) {
+                const normalized = normalizeTunnelIAValue(value || '');
+                try { $("#node-config-input-tunnelIA").val(normalized); } catch (e) { }
+                try { $("#node-config-input-tunnelInterfaceIndividualAddress").val(normalized); } catch (e) { }
+            }
+
+            function syncTunnelIAFromManual() {
+                try { setTunnelIAValue($("#node-config-input-tunnelInterfaceIndividualAddress").val()); } catch (e) { }
+            }
+
+            function syncTunnelIAFromKeyring() {
+                try { setTunnelIAValue($("#node-config-input-tunnelIA").val()); } catch (e) { }
+            }
+
+            function enforceProtocolFromIP() {
+                try {
+                    const ipTyped = String($("#node-config-input-host").val() || '').trim();
+                    if (!ipTyped) return;
+                    const octets = parseIPv4Address(ipTyped);
+                    if (!octets || isMulticastIPv4(octets)) return;
+                    const autoProto = isSecureTabActive() ? 'TunnelTCP' : 'TunnelUDP';
+                    const $sel = $("#node-config-input-hostProtocol");
+                    if ($sel.val() !== autoProto) {
+                        $sel.val(autoProto);
+                        updateTunnelIAVisibility();
+                        updateSecureMulticastHint();
+                        updatePhysAddrVisibility();
+                    }
+                } catch (e) { }
+            }
+
+            function updateSecureCredentialMode() {
+                try {
+                    const mode = getSecureCredentialsMode();
+                    const showKeyringFields = (mode === 'keyring' || mode === 'combined');
+                    const showKeyringIAControls = (mode === 'keyring');
+                    $("#secureKeyringFields").toggle(showKeyringFields);
+                    if (!showKeyringIAControls) {
+                        $("#rowTunnelIASelection").hide();
+                        $("#divTunnelIA").hide();
+                    }
+                } catch (e) { }
+                updateTunnelIAVisibility();
+                enforceProtocolFromIP();
+            }
+
             // Helper: show/hide Tunnel IA controls depending on mode
             function updateTunnelIAVisibility() {
                 try {
@@ -105,7 +199,10 @@
                     const hostProtocol = $("#node-config-input-hostProtocol").val();
                     const ip = $("#node-config-input-host").val();
                     const isMulticast = (hostProtocol === 'Multicast') || (ip === '224.0.23.12');
-                    const showTunnelIA = isSecure && !isMulticast;
+                    const mode = getSecureCredentialsMode();
+                    const keyringMode = (mode === 'keyring');
+                    const manualMode = (mode === 'manual' || mode === 'combined');
+                    const showTunnelIA = isSecure && !isMulticast && keyringMode;
                     if (showTunnelIA) {
                         $("#rowTunnelIASelection").show();
                         if ($("#node-config-input-tunnelIASelection").val() === 'Manual') {
@@ -117,6 +214,15 @@
                         $("#rowTunnelIASelection").hide();
                         $("#divTunnelIA").hide();
                     }
+                    const showManualTunnelFields = isSecure && !isMulticast && manualMode;
+                    $("#rowTunnelInterfaceIndividualAddress").toggle(showManualTunnelFields);
+                    $("#rowTunnelUserPassword").toggle(showManualTunnelFields);
+                    $("#rowTunnelUserId").toggle(showManualTunnelFields);
+                    if (!showManualTunnelFields) {
+                        try {
+                            $("#node-config-input-tunnelInterfaceIndividualAddress").removeClass('input-error');
+                        } catch (e) { }
+                    }
                 } catch (e) { }
             }
             // Helper: ensure Physical Address row is visible (required also in multicast)
@@ -203,6 +309,18 @@
             let aTunnelIAs = [];
             function populateTunnelIAList() {
                 try {
+                    const mode = getSecureCredentialsMode();
+                    const keyringMode = (mode === 'keyring');
+                    if (!keyringMode) {
+                        aTunnelIAs = [];
+                        try {
+                            const $ia = $("#node-config-input-tunnelIA");
+                            if ($ia.data('ui-autocomplete')) {
+                                $ia.autocomplete('option', 'source', aTunnelIAs);
+                            }
+                        } catch (e) { }
+                        return;
+                    }
                     const keyring = $("#node-config-input-keyringFileXML").val();
                     const pwd = $("#node-config-input-keyringFilePassword").val();
                     const params = { serverId: node.id };
@@ -231,8 +349,14 @@
 
             // Secure: Tunnel IA selection
             try {
+                const storedTunnelIA = (() => {
+                    const manualStored = normalizeTunnelIAValue(node.tunnelInterfaceIndividualAddress);
+                    const keyringStored = normalizeTunnelIAValue(node.tunnelIA);
+                    return manualStored || keyringStored;
+                })();
+                setTunnelIAValue(storedTunnelIA);
                 $("#node-config-input-tunnelIASelection").val(typeof node.tunnelIASelection === 'undefined' ? 'Auto' : node.tunnelIASelection);
-                $("#node-config-input-tunnelIA").val(typeof node.tunnelIA === 'undefined' ? '' : node.tunnelIA);
+                $("#node-config-input-tunnelIA").on('change input', syncTunnelIAFromKeyring);
                 const toggleTunnelIA = () => {
                     if ($("#node-config-input-tunnelIASelection").val() === 'Manual') {
                         $("#divTunnelIA").show();
@@ -255,8 +379,8 @@
                     $("#node-config-input-tunnelIA").autocomplete({
                         minLength: 0,
                         source: function (request, response) { response(aTunnelIAs); },
-                        focus: function (event, ui) { $(this).val(ui.item.value); return false; },
-                        select: function (event, ui) { $(this).val(ui.item.value); return false; }
+                        focus: function (event, ui) { setTunnelIAValue(ui.item.value); return false; },
+                        select: function (event, ui) { setTunnelIAValue(ui.item.value); return false; }
                     }).on('focus click', function () {
                         // Show dropdown on focus/click
                         $(this).autocomplete('search', '');
@@ -264,6 +388,18 @@
                 } catch (e) { }
             } catch (error) { }
 
+            try {
+                $("#node-config-input-secureCredentialsMode").val(typeof node.secureCredentialsMode === 'undefined' ? 'keyring' : node.secureCredentialsMode);
+                $("#node-config-input-tunnelInterfaceIndividualAddress").on('change input', syncTunnelIAFromManual);
+                $("#node-config-input-tunnelUserPassword").val(typeof node.tunnelUserPassword === 'undefined' ? '' : node.tunnelUserPassword);
+                $("#node-config-input-tunnelUserId").val(typeof node.tunnelUserId === 'undefined' ? '' : node.tunnelUserId);
+                $("#node-config-input-secureCredentialsMode").on('change', function () {
+                    updateSecureCredentialMode();
+                    updateSecureMulticastHint();
+                });
+                updateSecureCredentialMode();
+            } catch (error) { }
+
             // Autocomplete with KNX IP Interfaces + Refresh capability
             let aKNXInterfaces = [];
             function refreshKNXGateways(openDropdown) {
@@ -454,9 +590,7 @@
             // Abilita manualmente la lista dei protocolli quando l'utente modifica l'IP a mano
             try {
                 $("#node-config-input-host").on('input', function () {
-                    const isSecure = (function () {
-                        try { return $("#tabsMain").tabs("option", "active") === 1; } catch (e) { return !!node.knxSecureSelected; }
-                    })();
+                    const isSecure = isSecureTabActive();
                     const $sel = $("#node-config-input-hostProtocol");
                     // Abilita select
                     $sel.prop('disabled', false);
@@ -494,6 +628,8 @@
                             }
                             // If discovery knows protocol, preselect it (keep select enabled for manual override)
                             if (proto) { $("#node-config-input-hostProtocol").val(proto); }
+                            const octets = parseIPv4Address(ipTyped);
+                            if (octets && !isMulticastIPv4(octets)) enforceProtocolFromIP();
                         }
                     } catch (e) { }
                 });
@@ -560,6 +696,9 @@
                     node._csvEditor.destroy();
                     node._csvEditor = null;
                 }
+                try {
+                    $("#node-config-input-tunnelIA").val($("#node-config-input-tunnelInterfaceIndividualAddress").val());
+                } catch (e) { }
             } catch (e) { }
             // Check if the csv file contains errors
             if (($("#node-config-input-csv").val() != 'undefined' && $("#node-config-input-csv").val() != "") || ($("#node-config-input-keyring").val() != 'undefined' && $("#node-config-input-keyring").val() != "")) {
@@ -675,6 +814,15 @@
                         <span data-i18n="knxUltimate-config.ets.youtubeKeyring"></span>
                     </a>
                 </div>
+                <div class="form-row">
+                    <label for="node-config-input-secureCredentialsMode"><i class="fa fa-shield"></i> <span data-i18n="knxUltimate-config.ets.secure_credentials_mode"></span></label>
+                    <select id="node-config-input-secureCredentialsMode" style="width:200px;">
+                        <option value="keyring" data-i18n="knxUltimate-config.ets.secure_credentials_mode_keyring"></option>
+                        <option value="manual" data-i18n="knxUltimate-config.ets.secure_credentials_mode_manual"></option>
+                        <option value="combined" data-i18n="knxUltimate-config.ets.secure_credentials_mode_combined"></option>
+                    </select>
+                </div>
+                <div id="secureKeyringFields">
                 <div class="form-row">
                     <label for="node-config-input-keyringFileXML"><span data-i18n="knxUltimate-config.ets.keyring_file"></span></label>
                     <div id="node-config-input-keyringFileXML-editor" class="node-text-editor" style="height:200px; min-height:140px; width:100%"></div>
@@ -695,6 +843,19 @@
                     <label for="node-config-input-tunnelIA"><i class="fa fa-map-marker"></i> <span data-i18n="knxUltimate-config.properties.tunnel_ia_input_label"></span></label>
                     <input type="text" id="node-config-input-tunnelIA" style="width:150px;" data-i18n="[placeholder]knxUltimate-config.properties.tunnel_ia_placeholder"/>
                 </div>
+                </div>
+                <div class="form-row" id="rowTunnelInterfaceIndividualAddress" style="display:none;">
+                    <label for="node-config-input-tunnelInterfaceIndividualAddress"><i class="fa fa-map-marker"></i> <span data-i18n="knxUltimate-config.ets.tunnel_interface_individual_address"></span></label>
+                    <input type="text" id="node-config-input-tunnelInterfaceIndividualAddress" style="width:150px;" data-i18n="[placeholder]knxUltimate-config.ets.tunnel_interface_individual_address_placeholder"/>
+                </div>
+                <div class="form-row" id="rowTunnelUserId" style="display:none;">
+                    <label for="node-config-input-tunnelUserId"><i class="fa fa-id-badge"></i> <span data-i18n="knxUltimate-config.ets.tunnel_user_id"></span></label>
+                    <input type="text" id="node-config-input-tunnelUserId" style="width:150px;" />
+                </div>
+                <div class="form-row" id="rowTunnelUserPassword" style="display:none;">
+                    <label for="node-config-input-tunnelUserPassword"><i class="fa fa-lock"></i> <span data-i18n="knxUltimate-config.ets.tunnel_user_password"></span></label>
+                    <input type="text" id="node-config-input-tunnelUserPassword" style="width:200px;" />
+                </div>
             </p>   
         </div>
     </div>

package/nodes/knxUltimate-config.js

@@ -98,9 +98,27 @@ module.exports = (RED) => {
     // 24/07/2021 KNX Secure checks...
     node.keyringFileXML = typeof config.keyringFileXML === "undefined" || config.keyringFileXML.trim() === "" ? "" : config.keyringFileXML;
     node.knxSecureSelected = typeof config.knxSecureSelected === "undefined" ? false : config.knxSecureSelected;
+    node.secureCredentialsMode = typeof config.secureCredentialsMode === "undefined" ? "keyring" : config.secureCredentialsMode;
     // 2025-09 Secure Tunnel Interface IA selection (Auto/Manual)
     node.tunnelIASelection = typeof config.tunnelIASelection === "undefined" ? "Auto" : config.tunnelIASelection;
-    node.tunnelIA = typeof config.tunnelIA === "undefined" ? "" : config.tunnelIA;
+    node.tunnelIA = typeof config.tunnelIA === "undefined" || config.tunnelIA === null ? "" : String(config.tunnelIA);
+    node.tunnelInterfaceIndividualAddress = typeof config.tunnelInterfaceIndividualAddress === "undefined" || config.tunnelInterfaceIndividualAddress === null
+      ? ""
+      : String(config.tunnelInterfaceIndividualAddress);
+    const normalizedTunnelIA = (value) => {
+      if (typeof value !== "string") return "";
+      const trimmed = value.trim();
+      return trimmed === "undefined" ? "" : trimmed;
+    };
+    node.tunnelIA = normalizedTunnelIA(node.tunnelIA);
+    node.tunnelInterfaceIndividualAddress = normalizedTunnelIA(node.tunnelInterfaceIndividualAddress);
+    if (!node.tunnelInterfaceIndividualAddress && node.tunnelIA) {
+      node.tunnelInterfaceIndividualAddress = node.tunnelIA;
+    } else if (!node.tunnelIA && node.tunnelInterfaceIndividualAddress) {
+      node.tunnelIA = node.tunnelInterfaceIndividualAddress;
+    }
+    node.tunnelUserPassword = typeof config.tunnelUserPassword === "undefined" ? "" : config.tunnelUserPassword;
+    node.tunnelUserId = typeof config.tunnelUserId === "undefined" ? "" : config.tunnelUserId;
     node.name = config.name === undefined || config.name === "" ? node.host : config.name; // 12/08/2021
     node.timerKNXUltimateCheckState = null; // 08/10/2021 Check the state. If not connected and autoreconnect is true, retrig the connetion attempt.
     node.knxConnectionProperties = null; // Retains the connection properties
@@ -126,7 +144,8 @@ module.exports = (RED) => {
       ) {
         node.hostProtocol = "Multicast";
       } else {
-        node.hostProtocol = "TunnelUDP";
+        const isSecure = node.knxSecureSelected === true || node.knxSecureSelected === "true";
+        node.hostProtocol = isSecure ? "TunnelTCP" : "TunnelUDP";
       }
       node.sysLogger?.info("IP Protocol AUTO SET to " + node.hostProtocol + ", based on IP " + node.host);
     }
@@ -158,35 +177,68 @@ module.exports = (RED) => {
     (async () => {
       try {
         if (node.knxSecureSelected) {
-          // Prepare secure config for KNXClient. The loader accepts either a
-          // filesystem path to .knxkeys or the raw XML/base64 content.
-          node.secureTunnelConfig = {
-            knxkeys_file_path: node.keyringFileXML || "",
-            knxkeys_password: node.credentials?.keyringFilePassword || "",
-          };
-          // Manual IA selection
-          try {
-            if (node.tunnelIASelection === "Manual" && typeof node.tunnelIA === "string" && node.tunnelIA.trim() !== "") {
-              node.secureTunnelConfig.tunnelInterfaceIndividualAddress = node.tunnelIA.trim();
-            } else {
-              node.secureTunnelConfig.tunnelInterfaceIndividualAddress = ""; // Auto
+          const secureMode = typeof node.secureCredentialsMode === "string" ? node.secureCredentialsMode : "keyring";
+          const useManual = secureMode === "manual" || secureMode === "combined";
+          const useKeyring = secureMode === "keyring" || secureMode === "combined";
+
+          const secureConfig = {};
+          const modeParts = [];
+
+          if (useManual) {
+            const manualIA = (node.tunnelInterfaceIndividualAddress || "").trim();
+            const manualUserId = (node.tunnelUserId || "").trim();
+            const manualPwd = node.tunnelUserPassword || "";
+
+            if (manualIA) {
+              secureConfig.tunnelInterfaceIndividualAddress = manualIA;
+            }
+            if (manualUserId) {
+              secureConfig.tunnelUserId = manualUserId;
             }
-          } catch (e) { /* empty */ }
+            // Always include password property so KNX library receives the intended value (even if empty)
+            secureConfig.tunnelUserPassword = manualPwd;
+            modeParts.push("manual tunnel credentials");
+          }
+
+          if (useKeyring) {
+            secureConfig.knxkeys_file_path = node.keyringFileXML || "";
+            secureConfig.knxkeys_password = node.credentials?.keyringFilePassword || "";
 
-          // Optional early validation to give immediate feedback (non-fatal)
-          if (Keyring && node.keyringFileXML && (node.credentials?.keyringFilePassword || "") !== "") {
             try {
-              const kr = new Keyring();
-              await kr.load(node.keyringFileXML, node.credentials.keyringFilePassword);
-              const createdBy = kr.getCreatedBy?.() || "unknown";
-              const created = kr.getCreated?.() || "unknown";
-              RED.log.info(`KNX-Secure: Keyring validated (Created by ${createdBy} on ${created}) using node ${node.name || node.id}`);
-            } catch (err) {
-              node.sysLogger?.error("KNX Secure: keyring validation failed: " + err.message);
-              // Keep secure enabled: KNXClient will emit detailed errors on connect
+              const manualSelectionIA = normalizedTunnelIA(node.tunnelIA);
+              if (node.tunnelIASelection === "Manual" && manualSelectionIA) {
+                if (!secureConfig.tunnelInterfaceIndividualAddress) {
+                  secureConfig.tunnelInterfaceIndividualAddress = manualSelectionIA;
+                }
+              } else if (!secureConfig.tunnelInterfaceIndividualAddress) {
+                secureConfig.tunnelInterfaceIndividualAddress = ""; // Auto (let KNX stack select)
+              }
+            } catch (e) { /* empty */ }
+
+            // Optional early validation to give immediate feedback (non-fatal)
+            if (Keyring && node.keyringFileXML && (node.credentials?.keyringFilePassword || "") !== "") {
+              try {
+                const kr = new Keyring();
+                await kr.load(node.keyringFileXML, node.credentials.keyringFilePassword);
+                const createdBy = kr.getCreatedBy?.() || "unknown";
+                const created = kr.getCreated?.() || "unknown";
+                RED.log.info(`KNX-Secure: Keyring validated (Created by ${createdBy} on ${created}) using node ${node.name || node.id}`);
+              } catch (err) {
+                node.sysLogger?.error("KNX Secure: keyring validation failed: " + err.message);
+                // Keep secure enabled: KNXClient will emit detailed errors on connect
+              }
             }
+            modeParts.push("keyring file/password");
+          }
+
+          if (Object.keys(secureConfig).length > 0) {
+            node.secureTunnelConfig = secureConfig;
           } else {
-            RED.log.info("KNX-Secure: secure mode selected. Using provided keyring and password.");
+            node.secureTunnelConfig = undefined;
+          }
+
+          if (modeParts.length > 0) {
+            RED.log.info(`KNX-Secure: secure mode selected (${modeParts.join(" + ")}). Node ${node.name || node.id}`);
           }
         } else {
           RED.log.info("KNX-Unsecure: connection to insecure interface/router using node " + (node.name || node.id));
@@ -750,7 +802,8 @@ module.exports = (RED) => {
       _dest = _datagram.cEMIMessage.dstAddress.toString();
 
       if (_evt === null || _src === null || _dest === null) {
-        node.sysLogger?.error("HandleBusEvent: unable to parse telegram, ignored"); return
+        node.sysLogger?.warn(`HandleBusEvent: unable to parse telegram, ignored (evt=${_evt || 'n/a'} src=${_src || 'n/a'} dest=${_dest || 'n/a'})`);
+        return;
       };
 
       _echoed = _echoed || false;

package/nodes/locales/de/knxUltimate-config.json

@@ -85,6 +85,14 @@
             "youtubeKeyring": "Anleitung des XML Keyring Exports auf Youtube",
             "keyring_file": "Keyring-Datei",
             "password": "Passwort",
+            "secure_credentials_mode": "Quelle für Secure-Zugangsdaten",
+            "secure_credentials_mode_keyring": "ETS-Keyring-Datei",
+            "secure_credentials_mode_manual": "Manuelle Zugangsdaten",
+            "secure_credentials_mode_combined": "Keyring + manuelles Tunnel-Passwort",
+            "tunnel_interface_individual_address": "Individuelle Adresse der Tunnel-Schnittstelle",
+            "tunnel_interface_individual_address_placeholder": "1.1.1",
+            "tunnel_user_id": "Tunnel-Benutzer-ID",
+            "tunnel_user_password": "Tunnel-Benutzerpasswort",
             "ga_list_label": "ETS-Gruppenadressliste"
         },
         "utility": {

package/nodes/locales/de-DE/knxUltimate-config.html

@@ -19,6 +19,14 @@ Dieser Node stellt die Verbindung zu deinem KNX/IP‑Gateway her.
 | KNX Physical Address | Physikalische KNX‑Adresse, z. B. `1.1.200`. Standard: `15.15.22`. |
 | Bind to local interface | Lokales Netzwerk‑Interface für die Kommunikation. "Auto" wählt automatisch. Bei mehreren Interfaces (Ethernet/WLAN) ist eine manuelle Auswahl empfehlenswert, damit keine UDP‑Telegramme verloren gehen. |
 | Automatically connect to KNX BUS at start | Automatisch beim Start verbinden. Standard: "Yes". |
+| Secure credentials source | Leg fest, wie KNX Secure Daten bereitgestellt werden: **ETS-Keyring-Datei** (Data-Secure-Schlüssel und ggf. Tunnel-Zugang aus dem Keyring), **Manuelle Zugangsdaten** (nur KNX IP Tunnelling Secure mit manuell eingetragenem Benutzer) oder **Keyring + manuelles Tunnel-Passwort** (Data-Secure-Schlüssel aus dem Keyring, Tunnel-Benutzer/-Passwort manuell). Achtung: KNX Data Secure Telegramme benötigen immer einen Keyring. |
+| Tunnel interface individual address | Sichtbar, sobald die gewählte Option manuelle Zugangsdaten enthält (Manuelle Zugangsdaten oder Keyring + manuelles Tunnel-Passwort). Optionale KNX-Individualadresse der Tunnel-Schnittstelle (z. B. `1.1.1`); leer lassen, damit KNX Ultimate automatisch verhandelt. |
+| Tunnel user ID | Sichtbar bei manuellen Zugangsdaten. Optionale Kennung des KNX Secure Tunnel-Benutzers aus ETS. |
+| Tunnel user password | Sichtbar bei manuellen Zugangsdaten. Passwort des KNX Secure Tunnel-Benutzers aus ETS. |
+
+> **KNX Secure im Überblick**  
+> • *KNX Data Secure* schützt Gruppenadress-Telegramme und benötigt stets eine Keyring-Datei mit den Gruppenschlüsseln.  
+> • *KNX IP Tunnelling Secure* schützt den Verbindungsaufbau mithilfe eines Commissioning-Passworts. Dieses kann – je nach Modus – aus dem Keyring kommen oder manuell eingetragen werden.
 
 <br/>
 

package/nodes/locales/en-US/knxUltimate-config.html

@@ -19,6 +19,14 @@
 | KNX Physical Address | The physical KNX address, example 1.1.200. Default is "15.15.22".|
 | Bind to local interface | The Node will use this local interface for communications. Leave "Auto" for automatic selection. If you have more than one lan connection, for example Ethernet and Wifi, it's strongly recommended to manually select the interface, otherwise not all UDP telegram will reach your computer, thus the Node may not work as expected. Default is "Auto". |
 | Automatically connect to KNX BUS at start | Auto connect to the bus at start. Default is "Yes". |
+| Secure credentials source | Choose how KNX Secure data is provided: **ETS keyring file** (Data Secure keys and, if available, tunnelling credentials come from the keyring), **Manual credentials** (only KNX IP Tunnelling Secure with a manually entered user) or **Keyring + manual tunnel password** (Data Secure keys from the keyring while the secure tunnel uses the manual user/password). Remember: KNX Data Secure telegrams always require a keyring. |
+| Tunnel interface individual address | Visible whenever the selected mode includes manual credentials (Manual or Keyring + manual tunnel password). Optional KNX individual address for the secure tunnel interface (for example `1.1.1`); leave empty to let KNX Ultimate negotiate it automatically. |
+| Tunnel user ID | Visible when manual credentials are used. Optional KNX Secure tunnel user identifier defined in ETS. |
+| Tunnel user password | Visible when manual credentials are used. Password of the secure tunnelling user configured in ETS. |
+
+> **KNX Secure at a glance**  
+> • *KNX Data Secure* protects group-address telegrams and **always** requires a keyring file containing the group keys.  
+> • *KNX IP Tunnelling Secure* protects the connection handshake using a commissioning password. The password can come from the keyring or be entered manually depending on the selected mode.
 
 <br/>
 

package/nodes/locales/en-US/knxUltimate-config.json

@@ -82,6 +82,14 @@
             "youtubeKeyring": "See how to export the Keyring XML file on Youtube",
             "keyring_file": "Keyring file",
             "password": "Password",
+            "secure_credentials_mode": "Secure credentials source",
+            "secure_credentials_mode_keyring": "ETS keyring file",
+            "secure_credentials_mode_manual": "Manual credentials",
+            "secure_credentials_mode_combined": "Keyring + manual tunnel password",
+            "tunnel_interface_individual_address": "Tunnel interface individual address",
+            "tunnel_interface_individual_address_placeholder": "1.1.1",
+            "tunnel_user_id": "Tunnel user ID",
+            "tunnel_user_password": "Tunnel user password",
             "ga_list_label": "ETS group address list"
         },
         "utility": {

package/nodes/locales/it/knxUltimate-config.json

@@ -86,6 +86,14 @@
             "youtubeKeyring": "Guarda come si esporta il Keyring XML su YouTube",
             "keyring_file": "File Keyring",
             "password": "Password",
+            "secure_credentials_mode": "Origine credenziali KNX Secure",
+            "secure_credentials_mode_keyring": "File keyring ETS",
+            "secure_credentials_mode_manual": "Credenziali manuali",
+            "secure_credentials_mode_combined": "File keyring + password tunnel manuale",
+            "tunnel_interface_individual_address": "Indirizzo individuale interfaccia tunnel",
+            "tunnel_interface_individual_address_placeholder": "1.1.1",
+            "tunnel_user_id": "ID utente tunnel",
+            "tunnel_user_password": "Password utente tunnel",
             "ga_list_label": "Lista indirizzi di gruppo ETS"
         },
         "utility": {

package/nodes/locales/it-IT/knxUltimate-config.html

@@ -19,6 +19,14 @@ Questo nodo si connette al tuo KNX/IP Gateway.
 | KNX Physical Address | Indirizzo fisico KNX, es. `1.1.200`. Default: `15.15.22`. |
 | Bind to local interface | Interfaccia di rete locale usata dal nodo. Lascia "Auto" per selezione automatica. Se hai più interfacce (Ethernet/Wi‑Fi), è consigliato impostarla manualmente per evitare perdita di telegrammi UDP. Default: "Auto". |
 | Automatically connect to KNX BUS at start | Connessione automatica al BUS all’avvio. Default: "Yes". |
+| Secure credentials source | Scegli come fornire i dati KNX Secure: **File keyring ETS** (le chiavi Data Secure e, se presenti, le credenziali di tunnelling arrivano dal keyring), **Credenziali manuali** (solo KNX IP Tunnelling Secure con utente inserito a mano) oppure **File keyring + password tunnel manuale** (le chiavi Data Secure dal keyring e l’utente/password del tunnel impostati manualmente). Ricorda: i telegrammi KNX Data Secure richiedono sempre un keyring. |
+| Tunnel interface individual address | Visibile quando la modalità selezionata prevede credenziali manuali (Credenziali manuali o File keyring + password tunnel manuale). Indirizzo individuale opzionale dell’interfaccia tunnel sicura (es. `1.1.1`); lascia vuoto per negoziazione automatica da parte di KNX Ultimate. |
+| Tunnel user ID | Visibile quando sono attive credenziali manuali. ID opzionale dell’utente tunnel KNX Secure definito in ETS. |
+| Tunnel user password | Visibile quando sono attive credenziali manuali. Password dell’utente tunnel KNX Secure configurata in ETS. |
+
+> **Nota su KNX Secure**  
+> • *KNX Data Secure* protegge i telegrammi sugli indirizzi di gruppo e richiede sempre un file keyring con le chiavi di gruppo.  
+> • *KNX IP Tunnelling Secure* protegge l’handshake di connessione tramite una password di commissioning, che può essere letta dal keyring oppure inserita manualmente in base alla modalità scelta.
 
 <br/>
 

package/nodes/locales/zh-CN/knxUltimate-config.html

@@ -19,6 +19,14 @@
 | KNX Physical Address | 物理地址，如 `1.1.200`。默认 `15.15.22`。|
 | Bind to local interface | 使用的本地网络接口。"Auto" 自动选择。若有多网卡（以太网/无线），建议手动指定，避免 UDP 丢包。|
 | Automatically connect to KNX BUS at start | 启动时自动连接总线。默认 "Yes"。|
+| Secure credentials source | 选择如何提供 KNX Secure 数据：**ETS 密钥环文件**（Data Secure 密钥以及—若存在—隧道凭据来自密钥环）、**手动凭据**（仅启用 KNX IP 安全隧道，手动输入用户）或 **密钥环 + 手动隧道密码**（Data Secure 由密钥环提供，隧道用户/密码手动输入）。注意：KNX Data Secure 报文始终需要密钥环文件。|
+| Tunnel interface individual address | 当所选模式包含手动凭据时显示（手动凭据或密钥环 + 手动隧道密码）。可选的安全隧道 KNX 个人地址（如 `1.1.1`）；留空则由 KNX Ultimate 自动协商。|
+| Tunnel user ID | 启用手动凭据时显示。可选的 KNX Secure 隧道用户 ID（在 ETS 中配置）。|
+| Tunnel user password | 启用手动凭据时显示。输入 ETS 中配置的 KNX Secure 隧道用户密码。|
+
+> **KNX Secure 概览**  
+> • *KNX Data Secure* 用于保护组地址报文，**始终** 需要包含组密钥的密钥环文件。  
+> • *KNX IP Tunnelling Secure* 通过调试密码保护连接握手，密码可以根据模式从密钥环中读取，或在界面中手动输入。
 
 <br/>
 

package/nodes/locales/zh-CN/knxUltimate-config.json

@@ -81,6 +81,14 @@
             "youtubeKeyring": "在 Youtube 上了解如何导出 Keyring XML 文件",
             "keyring_file": "Keyring 文件",
             "password": "密码",
+            "secure_credentials_mode": "安全凭据来源",
+            "secure_credentials_mode_keyring": "ETS 密钥环文件",
+            "secure_credentials_mode_manual": "手动凭据",
+            "secure_credentials_mode_combined": "密钥环 + 手动隧道密码",
+            "tunnel_interface_individual_address": "隧道接口个人地址",
+            "tunnel_interface_individual_address_placeholder": "1.1.1",
+            "tunnel_user_id": "隧道用户 ID",
+            "tunnel_user_password": "隧道用户密码",
             "ga_list_label": "ETS 组地址列表"
         },
         "utility": {

package/package.json

@@ -3,14 +3,14 @@
   "engines": {
     "node": ">=20.18.1"
   },
-  "version": "4.0.3",
+  "version": "4.0.5",
   "description": "Control your KNX and KNX Secure intallation via Node-Red! A bunch of KNX nodes, with integrated Philips HUE control and ETS group address importer. Easy to use and highly configurable.",
   "dependencies": {
     "binary-parser": "2.2.1",
     "crypto-js": "4.2.0",
     "dns-sync": "0.2.1",
     "js-yaml": "4.1.0",
-    "knxultimate": "5.0.0",
+    "knxultimate": "5.1.1",
     "lodash": "4.17.21",
     "mkdirp": "3.0.1",
     "node-color-log": "12.0.1",